external-secrets

mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Author	SHA1	Message	Date
Moritz Johner	4e4992f0e2	🧹 bump dependencies (#2061 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-27 12:15:11 +00:00
Pedro Parra Ortega	c2054cc1bf	✨ add-keeper-security-provider (#1768 ) * add keepersecurity provider Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * 🧹chore: bumps (#1758) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * ✨Feature/push secret (#1315) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * Fixing release pipeline for boringssl (#1763) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * chore: bump 0.7.0-rc1 (#1765) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added documentation Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added pushSecret first iteration Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added pushSecret and updated documentation Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * refactor client Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * update code and unit tests Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix code smells Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix code smells Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix custom fields Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * making it reviewable Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix custom field on secret map Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * Update docs/snippets/keepersecurity-push-secret.yaml Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fixed edge case, improved validation errors and updated docs Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix logic retrieving secrets Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * Update pkg/provider/keepersecurity/client.go Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * lint code Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * linting code Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * go linter fixed Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix crds and documentation Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> --------- Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>	2023-02-03 15:27:21 +01:00
cspargo	fdc21faf61	✨ AWS Role Chaining (#1855 ) Signed-off-by: cspargo <colinspargo@gmail.com>	2023-01-08 11:49:22 -03:00
Gustavo Fernandes de Carvalho	0bd9ea4dbd	✨ Templates from string (#1748 ) * Adds templates from string Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 19:02:43 -03:00
Gustavo Fernandes de Carvalho	0cb799b5cf	✨Feature/push secret (#1315 ) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>	2022-11-29 16:04:46 -03:00
Dominik Zeiger	f38f40a2b4	gitlab: support for CI/CD group variables (#1692 ) * gitlab: support for ci/cd group variables Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (automatically discover project groups) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (documentation) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-21 22:26:34 +01:00
Moritz Johner	dabfa5a589	Feature: initial generator implementation + Github Actions OIDC/AWS (#1539 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-10-29 20:15:50 +02:00
Yannay Hammer	14f5ddf198	Added namespace condition to ClusterSecretStore (#1635 ) * Added namespace condition to ClusterSecretStore Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added the new conditions field to the docs Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added tests to ClusterSecretStore namespace conditions Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added some comments to explain tests better Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed a testcase Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Increased golangci timeout to 10m Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed test to use fakeProvider correctly Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Removed hardcoded timeout from make lint Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Improved error message on non matching namespace Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Modified testCase to use GenericStore interface Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Attempt at generalizing the testcase and reducing code duplication Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Reduced some diff Signed-off-by: Yannay Hammer <yannayha@gmail.com> * fix: tidy e2e mod Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Docs <docs@external-secrets.io> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-17 16:40:18 +02:00
Dominik Zeiger	fa38fe1e60	enable configuration of environment_scope for gitlab provider (#1565 ) * enable configuration of environment_scope for gitlab provider Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-09-27 22:08:38 +02:00
Ryan Blunden	f01e13f21b	Add Doppler provider (#1573 ) * Add Doppler provider Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>	2022-09-23 22:47:25 +02:00
renanaAkeyless	ed59520674	added akeyless k8s auth option (#1531 ) * added akeyless k8s auth option Signed-off-by: Docs <renana@akeyless.io>	2022-09-11 13:25:29 +02:00
Moritz Johner	ed0ceb8d84	fix: aws parameter store json decode, bump go 1.19 (#1525 ) * fix: parameter store should decode complex json values Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-09-06 19:46:36 +02:00
dependabot[bot]	67fedc840e	✨ Kubernetes v1.24 upgrade (#1345 ) * build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: bump kubernetes 1.24 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: backwards-compatible vault implementation Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add audiences field to serviceAccountRef This will be used by aws, azure, gcp, kubernetes & vault providers in combination with TokenRequest API: it will _append_ audience claims to provider-specific audiences. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: refactor kubernetes client to match provider/client interfaces the kubernetes provider mixed up provider and client interfaces which made it really hard to reason about. This commit separates into two structs, each implements one interface. The client struct fields have been renamed and annotated so their use and scope is clear. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: deprecate expirationSeconds expirationSeconds is not needed because we generate a service account token on the fly for a single use. There will be no replacement for this. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: rename token fetch audiences field Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: generate CRDs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-19 17:32:06 +02:00
Moritz Johner	2d20b5488e	feat: add azkv.environmentType (#1469 ) users of USGovCloud, ChinaCloud, GermanCloud need slightly different configuration for AADEndpoint and keyvault resource. This is based on CSI Secret Store Azure KV driver, Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-18 00:12:44 +02:00
Nandor Magyar	a0055100d9	clean: typo (clister) in azurekv_types (#1442 ) Signed-off-by: Nandor Magyar <nandormagyar.it@gmail.com> Signed-off-by: Nandor Magyar <nandormagyar.it@gmail.com>	2022-08-10 20:02:31 +02:00
Helena Steck	2b5710d8d5	add missing default values for spec.target (#1431 ) Add missing default values for ExternalSecretTarget on CRD definition Fixes #1233 Signed-off-by: Helena Steck <steckhelena@gmail.com>	2022-08-08 21:27:13 +02:00
Gustavo Fernandes de Carvalho	b4e7acfaa9	✨Implements dataFrom key rewrite (#1381 ) * Implements dataFrom key rewrite Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * docs: add example to remove invalid characters Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-04 15:24:02 -03:00
Moritz Johner	4affcb7345	🐛Clarify CAProvider usage in struct annotations (#1397 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-07-27 18:44:23 -03:00
Mike	fdf1f9ce6f	feat: Add support for container auth to IBM provider. (#1177 )	2022-07-26 22:48:07 +02:00
Gareth Evans	7eff8db532	feat: additional columns for kubectl output (#1359 )	2022-07-19 20:48:37 +02:00
Gustavo Fernandes de Carvalho	fa91ba0f6c	✨ Adds DecodingStrategy to ExternalSecrets (#1294 ) Fixes #920 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-07-12 09:18:00 -03:00
Moritz Johner	cff9be1664	feat(kubernetes): allow service account auth (#1201 ) * feat(kubernetes): allow service account auth Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-06-13 21:49:05 +02:00
Chris McCoy	c8fc27316a	Check 1beta1RemoteRef.Extract for nil	2022-06-01 12:11:58 -04:00
Moritz Johner	8c14f8aff0	fix: loosen validation to enable referent auth. also adding tests for vault. this is the only provider that supports that as of now. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-05-23 20:10:16 +02:00
paul-the-alien[bot]	1a6579b876	Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync azkv tag feature	2022-05-20 15:51:50 +00:00
paul-the-alien[bot]	3de2cc8bee	Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager Support for Yandex Certificate Manager	2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ	3256bc4b82	azkv tag feature	2022-05-16 16:49:34 +02:00
david amick	435aefc7ac	Add 1Password support	2022-05-08 17:01:26 -07:00
Docs	c73206b29c	Add senhasegura DSM provider	2022-05-02 13:28:18 -03:00
Gonzalo Servat	db7fd4a037	Fix casing on Gitlab	2022-04-28 21:43:42 +10:00
Docs	dc7df48cae	add support for Yandex Certificate Manager	2022-04-22 21:40:52 +03:00
Gustavo Carvalho	3bd0d2d04f	Making spec.target optional fixes #996 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-04-20 13:27:13 -03:00
Merlin	4820cc9165	Ignore ExternalSecret processing if the store is not usuable (e.g. NotReady).	2022-04-13 23:24:39 +02:00
Moritz Johner	c2bcceb057	feat: implement deletionPolicy (#900 ) * feat: implement deletionPolicy Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>	2022-04-05 13:38:06 +02:00
Alfred Krohmer	d7022b1bef	feat(vault): add option for JWT backend to authenticate with Kubernetes service account token (#768 )	2022-04-04 21:20:58 +02:00
Gustavo Carvalho	c779ef59e7	Marking v1alpha1 as deprecated. Improving docs and menu order. Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-03-29 11:21:32 -03:00
Moritz Johner	cf7e3832ae	feat(azure): implement workload identity (#738 ) * feat(azure): implement workload identity Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Henning Eggers <henning.eggers@inovex.de>	2022-03-22 21:59:01 +01:00
Daniel Hix	324c7def06	feat: implement ClusterExternalSecret (#542 ) Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-03-20 09:32:27 +01:00
Gustavo Carvalho	164e8776ec	Adding docs and implementing ConversionStrategy Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-03-09 06:59:54 -03:00
Gustavo Carvalho	2f23fd28ed	Adding GetAllSecrets for Hashicorp Vault Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-03-09 05:40:09 -03:00
paul-the-alien[bot]	439ecfaf9d	Merge pull request #783 from AtzeDeVries/allow-gcp-cross-project-secrets GCP: allow cluster to be in different project	2022-03-09 10:03:20 +00:00
Atze de Vries	2f53ab8220	also make optional for v1beta1 and add note to docs	2022-03-03 19:35:38 +01:00
Atze de Vries	739043283c	make clusterProjectID omitemtpy	2022-03-02 18:03:45 +01:00
Atze de Vries	da47ad2cac	GCP: allow cluster to be in different project	2022-03-02 11:24:04 +01:00
Moritz Johner	8fc4484cc6	feat: implement validating webhook Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-03-01 21:25:15 +01:00
Moritz Johner	fb8f496204	Merge branch 'main' into feature/conversion-webhook	2022-02-23 08:15:03 +01:00
rodrmartinez	39038b03c8	enforce that exactly one auth property is used	2022-02-22 15:45:45 -03:00
rodrmartinez	0392777965	Merge branch 'main' into feature/kubernetes-provider	2022-02-22 14:57:50 -03:00
rodrmartinez	7c4a17a9c3	Merge branch 'main' into feature/kubernetes-provider	2022-02-17 15:38:45 -03:00
rodrmartinez	86d7710727	changing kubernetes api struct	2022-02-17 14:45:43 -03:00
Gustavo Carvalho	c0ed7de5f7	Adding status information to kubectl get css Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-17 13:13:59 -03:00
Gustavo Carvalho	40ec693479	Merge branch 'main' into feature/conversion-webhook Fixed conflicts and implemented necessary changes for v1beta1	2022-02-16 16:00:32 -03:00
Gustavo Carvalho	1d8cfc4a12	Changed logic of Webhook check for certs. Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-14 15:46:10 -03:00
Gustavo Carvalho	31eedfbb26	Fixing up some code smells Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-14 10:36:12 -03:00
Gustavo Carvalho	cb7f936228	Adding tests for externalSecrets, secretStores and ClusterSecretStores conversion methods Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-11 11:31:00 -03:00
Moritz Johner	54e68399ec	feat: implement template engine v2 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-02-11 08:26:31 +01:00
Gustavo Carvalho	23784803ff	Merge branch 'main' into feature/conversion-webhook Updated Oracle provider new specs for v1beta1 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-10 16:55:37 -03:00
Gustavo Carvalho	e9cfe551b9	Fixing sonar cloud code smells Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-09 11:51:08 -03:00
Gustavo Carvalho	574953d2d8	Fixing lint and checkdiffs Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-09 11:41:31 -03:00
Gustavo Carvalho	ba8a5b7b64	Adding first structure for webhook service. Rewrote webhook conversion for ExternalSecrets Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-09 11:28:44 -03:00
Gustavo Carvalho	58c6e35010	Loading ConvertWebhook on main routine Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-08 16:37:01 -03:00
Gustavo Carvalho	0530385992	v1beta1 initial commit Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-08 14:07:34 -03:00
Elad Gabay	fe416890b1	oracle vault: Use instance principal if auth is empty Currently the oracle vault's secretstore uses a specific user credentials. This commit introduce a new way to access the vault, using the instance principal. All user's details moved to "auth" section in the OracleProvider which now is optional. If "auth" is empty, by default, we use the instance principal, otherwise if specified user's auth details, we use them. In addition: - Fixed the fingerprint secret reference which until now used the privatekey secret instead of its reference. - Bump OCI SDK version.	2022-02-07 18:38:10 +02:00
Lucas Severo Alves	6630ab7494	Initial draft of reporter (#466 ) * Initial draft of reporter * Test out reporter in AWS provider * trying out different events approach * feat: implement store reconciler and events Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add validate() method to provider interface Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: use static requeue interval in store ctrl Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Mircea Cosbuc <mircea.cosbuc@container-solutions.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-02-07 11:42:18 +01:00
Moritz Johner	fe1cb8bc69	feat(provider): implement fake provider Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-02-01 11:18:43 +01:00
rodrmartinez	d0cbbe2470	Adds default values for Server and RemoteNamespace	2022-01-26 15:27:30 -03:00
rodrmartinez	b6b74350d5	Creates Kubernetes Provider secretstore	2022-01-25 17:11:12 -03:00
Marc Billow	0753da1cbd	Support for eventual consistency in Vault Enterprise	2022-01-19 16:25:01 -06:00
Lucas Severo Alves	16948ed572	Merge pull request #596 from EladGabay/elad/oci-secret-by-name OCI Vault: Get secret by name from a specific Vault	2022-01-16 17:20:46 +00:00
Elad Gabay	f50438353e	oracle: Add Vault OCID to provider	2022-01-16 12:05:58 +02:00
Elad Gabay	137ce182c1	oracle: Fix provider fields docs	2022-01-16 12:02:56 +02:00
paul-the-alien[bot]	4c6b6a1e84	Merge pull request #525 from HanseMerkur/vault_optional_path Optional path for Vault SecretStore	2022-01-14 19:33:29 +00:00
paul-the-alien[bot]	44d4cf061b	Merge pull request #559 from willemm/feat/generic_webhook Add generic webhook provider	2022-01-11 15:50:05 +00:00
Lennart Weller	f7f521317e	add generated files	2022-01-10 10:12:17 +01:00
Lennart Weller	0d06247163	Made SecretStore path for Vault optional * Backwards compatible change * Added tests to check for a range of possible combinations for paths	2022-01-10 10:12:17 +01:00
Brent Spector	5edb7e6af2	format for lint	2022-01-05 17:01:15 -08:00
Brent Spector	26f9be4fb1	add path to jwt vault auth	2022-01-05 15:22:00 -08:00
Brent Spector	561bd3ae56	Add support for mount path in ldap auth	2022-01-05 14:54:50 -08:00
Willem Monsuwe	d04508e974	Added generic webhook provider This provider allows a secretstore with a generic url (templated) which will be called with a defined method, headers (templated) and optional body (also templated) The response can be parsed out with a jsonPath expression	2021-12-29 10:53:29 +01:00
Moritz Johner	80fac0f697	feat: add gcp workload identity via SA Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2021-12-17 12:20:12 +01:00
paul-the-alien[bot]	78d046b712	Merge pull request #530 from ADustyOldMuffin/add-docs-and-fix-ca-vault Add documentation for CAProvider namespace and fix issue with SecretStore	2021-12-16 19:44:24 +00:00
Vladimir Fedin	c351efcc15	Add ability provide CA for Yandex' Lockbox provider (#487 ) * Add ability provide CA for Yandex' Lockbox provider * Add tests for getting CA from secrets at Lockbox provider * fixup! Add tests for getting CA from secrets at Lockbox provider Co-authored-by: Vladimir Fedin <vladimirfedin@yandex-team.ru>	2021-12-16 20:16:23 +01:00
Daniel Hix	d53b3df7f8	Remove namespace requirement for secret store and require for cluster secret store	2021-12-13 17:07:32 -06:00
Daniel Hix	082cee230f	Merge branch 'main' into ibm-enable-retries	2021-12-13 13:27:57 -06:00
Laszlo Varadi	a976e32831	Supporting Managed Identity authentication for Azure Keyvault	2021-12-06 10:26:34 +01:00
renanaAkeyless	b0116e3199	Update zz_generated.deepcopy.go	2021-11-09 21:14:53 +02:00
renanaAkeyless	085fbd5f35	Update zz_generated.deepcopy.go	2021-11-09 20:39:33 +02:00
renanaAkeyless	0348bbb59d	lint	2021-11-08 13:27:12 +02:00
renanaAkeyless	4a5877d926	Adde Akeyless	2021-11-07 16:18:40 +02:00
Daniel Hix	99f49feee4	Add retry settings to secret store CRD	2021-10-20 18:50:01 -05:00
paul-the-alien[bot]	d9f30a3350	Merge pull request #414 from ADustyOldMuffin/vault-ca-provider Add the ability to specify cert for Vault from K8s Secrets	2021-10-20 21:43:37 +00:00
Daniel Hix	8e303e6d77	Add caProvider to types	2021-10-05 23:55:44 -05:00
Arthur	9f2a17f220	Merge branch 'main' into feat/immutable-secrets	2021-09-22 14:20:35 -03:00
Lucas Severo Alves	9d3b05a2c7	Merge pull request #365 from KianTigger/oracle-provider Oracle provider	2021-09-10 12:17:37 +01:00
Alexander Chernov	280964f84e	fix: dependent kind=secret are not recreated in case of deletion. (#349 ) * chore: whitespace, typos, superflous aliases * fix: deleted child secret is not recreated straight away. * fix: e2e run	2021-09-09 11:14:17 +02:00
Kian	694db476f9	Making changes based on feedback	2021-09-03 11:14:17 +01:00
KianTigger	9d6f7ac46f	Merge branch 'main' of https://github.com/external-secrets/external-secrets into external-secrets-main	2021-09-02 15:23:54 +01:00
Kian	baa91c75c8	Completed Oracle provider, e2e tests non functional due to lack of company OCI account	2021-09-02 15:19:47 +01:00
Elsa Chelala	db5b4c5044	eat: add status printcolumn to ES CRD (#318 ) Formatting changes	2021-08-31 13:14:09 -04:00
Elsa Chelala	7f6dcb5edb	WiP: Alibaba Provider	2021-08-30 15:25:26 -04:00
Ted	6f1fae0637	feat: specify GitLab URL to connect to	2021-08-27 18:19:28 -04:00
Kian	926e37448a	Developing unit tests and fixing provider files. In process of starting to write e2e test files	2021-08-27 16:09:39 +01:00
Lucas Severo Alves	a4c2c93255	fix: rebase conflits	2021-08-25 16:54:16 +02:00
jabray5	d45469acc7	operator functional and retrieves secrets from gitlab	2021-08-25 16:47:05 +02:00
jabray5	92f6077079	Added gitlab provider	2021-08-25 16:45:39 +02:00
zamysel	0dc8842b85	Merge branch 'main' into lockbox	2021-08-25 11:23:15 +03:00
Mouhsen Ibrahim	03f3622c2c	make auth key for GCPSM provider optional	2021-08-24 14:22:06 +02:00
Mouhsen Ibrahim	403a47c116	Add support for Google Cloud Identity If the name of the service account secret is kept empty, this means we want to use Google Cloud Identity to authenticate against the GCP project	2021-08-23 22:28:24 +02:00
zamysel	c7229199f3	Add support for Yandex Lockbox: custom API endpoint	2021-08-20 16:16:35 +03:00
zamysel	42a3e2c457	Add support for Yandex Lockbox: docs	2021-08-19 17:33:36 +03:00
Arthur	c8315865a1	add immutable field on ExternalSecretTarget and on v1.Secret creation Co-authored-by: mouhsen-ibrahim <mouhsen.ibrahim@gmail.com>	2021-08-18 19:55:10 -03:00
Kian	b030aed0a2	Merge remote-tracking branch 'origin/main' into oracle-provider	2021-08-18 14:41:30 +01:00
Kian	42d834aedf	Adding fixes to necessary files	2021-08-18 13:46:24 +01:00
Kian	3ae7015725	Setting up all necessary files for provider.	2021-08-18 13:42:12 +01:00
zamysel	6b2f852eb6	Add support for Yandex Lockbox: custom API endpoint	2021-08-17 20:13:13 +03:00
zamysel	7017935888	Add support for Yandex Lockbox	2021-08-12 20:05:02 +03:00
HenningE	328cf881b8	feat: add status printcolumn to ES CRD (#318 )	2021-08-10 17:10:56 +02:00
Spiros Economakis	f1829f0445	Set the metric when is deleted to condition deleted and false (#306 ) * Set the metric when is deleted to condition deleted and false When a metrics is deleted metrics are still shown ready and condition true. In practice this gives the wrong monitoring as the external secret in practice is deleted. Issue: #231 * Fix name and namespace for the metric of deletion	2021-08-07 23:40:26 +02:00
ric	2ab70cc510	Merge branch 'main' into mtls-auth	2021-07-26 09:43:56 +01:00
ric	44ef7756ef	refactoring to implement changes suggested in pull request 265 ,namely, 1) fetch client certificate and key as tls k8s secrets and 2) pass them directly to TLSClientConfig avoiding storing in disk	2021-07-21 22:30:49 +01:00
ric	4221c1b151	remove cacert from client Authentication. It's already in CABundle.	2021-07-20 14:44:58 +01:00
Moritz Johner	466938522c	feat(aws): add jwt authentication	2021-07-17 20:39:24 +02:00
ric	0edf4154da	merge with main	2021-07-14 14:26:04 +01:00
ric	7d2d83d695	update crds to inclue client and ca certs but not client private key	2021-07-14 12:59:04 +01:00
ric	73be01d492	most work done - missing unit tests and path do certs	2021-07-13 21:44:10 +01:00
Moritz Johner	59a851c941	feat(ctrl): implement creationPolicy=Merge/None	2021-07-12 18:45:44 +02:00
ric	fd53e76247	feat: ibm provider implementation Co-authored-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com> Co-authored-by: Lucas Severo <lucassalves65@gmail.com> Co-authored-by: Joey Brayshaw <joeybrayshaw@gmail.com> Co-authored-by: Elsa Chelala <elsachelala@gmail.com> Co-authored-by: choilmto <choilmto@gmail.com> Co-authored-by: Adrian Mouat <adrian.mouat@gmail.com> Co-authored-by: ricardoptcosta <ricardoptcosta@gmail.com> Co-authored-by: Gabi Beyer <Gabrielle.Beyer@container-solutions.com> Co-authored-by: Tomasz Tarczynski <ttarczynski@users.noreply.github.com> Co-authored-by: Mircea Cosbuc <mircea.cosbuc@container-solutions.com>	2021-07-02 16:00:05 +02:00
paul-the-alien[bot]	04219ded4e	Merge pull request #222 from external-secrets/feat/template-from implement templateFrom	2021-06-29 13:43:48 +00:00
Moritz Johner	73ca014cfb	feat: implement templateFrom	2021-06-28 21:29:09 +02:00
Moritz Johner	fb726dfb17	chore(docs): document es update behavior	2021-06-25 22:48:54 +02:00
Moritz Johner	5ac02ed2c4	feat: add synced resource version status	2021-06-25 21:23:29 +02:00
Nicolas Courbet	0e49b84f6d	Rebase on master, and rework unit tests	2021-06-02 17:14:58 +02:00
Ahmed MUSTAFA	4733427527	refactor vaultUrl and move it from External secrets to secret store	2021-06-02 17:04:50 +02:00
mjiao	fc95068034	Support azure kv as provider	2021-06-02 17:03:15 +02:00
1aziz	c3197051cb	add provider for gcp	2021-05-27 11:43:34 +02:00
Moritz Johner	e5d6e30d00	fix: template data should be string, fix update mechanics	2021-05-20 08:46:22 +02:00
xxxbobrxxx	f112d45aef	#150 Fix json fields names	2021-05-14 12:39:41 +03:00
xxxbobrxxx	c900c8deb5	#150 Fix JWT bugs	2021-05-14 09:40:13 +03:00
xxxbobrxxx	e4d8fb4046	#150 Implement LDAP and JWT/OIDC auth methods	2021-05-13 19:19:57 +03:00
xxxbobrxxx	704e7a785b	#150 Define data model for the Vault LDAP auth method	2021-05-13 18:02:04 +03:00
Moritz Johner	aaa6ad0ca8	fix: make vault version optional w/ defaults fixes #117	2021-04-28 18:46:16 +02:00
Moritz Johner	8c8064e0e1	Draft: feat: implement template (#69 ) * feat: implement template	2021-04-23 08:22:23 +02:00
Cameron McAvoy	f2d77e0324	Add service account selector to vault provider to look up the sa token	2021-04-19 13:26:29 -05:00
Kellin McAvoy	7be249ba63	Add vault provider implementation	2021-03-26 03:36:48 -05:00
Moritz Johner	640978ca9e	feat: awssm refactoring (#57 ) * fix: refactor awssm provider	2021-03-10 11:43:25 +01:00
Moritz Johner	a017255464	fix: validate refresh interval, refresh externalsecret (#48 ) * fix: refresh es	2021-03-05 23:58:08 +01:00
Moritz Johner	53cc579ee8	fix: ssm may respond with nil SecretString (#41 ) also: support nested json keys like foo.bar details here: https://github.com/tidwall/gjson	2021-02-26 09:11:16 +01:00
Moritz Johner	92be45df6a	add awssm support (#34 ) * feat: add awssm fixes #26	2021-02-24 20:01:28 +01:00
Moritz Johner	89c56c269f	feat: status conditions (#25 ) * feat: implement es ready condition Co-authored-by: Kellin <kellinmcavoy@gmail.com>	2021-02-15 21:51:38 +01:00
Moritz Johner	b460153452	chore: update crd-spec see https://github.com/external-secrets/crd-spec/pull/3 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2021-02-06 13:10:00 +01:00

1 2 3 4 5 ...

251 commits